path: root/libcli
Commit message | Author | Age | Files | Lines
* libcli:auth: Keep passwords from convert_string_talloc() secret | Joseph Sutton | 2022-09-19 | 1 | -0/+2
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit 6edf88f5c40421b9881666a2e78038ea9c547c24)
* waf: Fix SO version number of libsamba-errors | Andreas Schneider | 2022-08-23 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15141
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  (cherry picked from commit 563a2c8d7296e77ae12de1c5a1a3797e72294068)
  Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
  Autobuild-Date(v4-17-test): Tue Aug 23 10:31:11 UTC 2022 on sn-devel-184
* libcli/smb: Set error status if 'iov' pointer is NULL | Joseph Sutton | 2022-08-23 | 1 | -1/+5
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Mon Aug 22 09:03:29 UTC 2022 on sn-devel-184
  (cherry picked from commit 75e03ea021afa66842b6e0dea21072b1b8026d58)
* libcli/smb: Ensure we call tevent_req_nterror() on failure | Joseph Sutton | 2022-08-23 | 1 | -1/+5
  Commit 3594c3ae202688fd8aae5f7f5e20464cb23feea9 added a NULL check for 'inhdr', but it meant we didn't always call tevent_req_nterror() when we should. Now we handle connection errors. We now also set an error status if the NULL check fails.

  I noticed this when an ECONNRESET error from a server refusing SMB1 wasn't handled, and the client subsequently hung in epoll_wait().

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 40d4912d841e6bcd7cd37810ef101d5f89268ee7)
* libcli:auth: Add test for decode_pwd_string_from_buffer514() | Andreas Schneider | 2022-07-28 | 1 | -0/+17
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli:auth: Add decode_pwd_string_from_buffer514() | Andreas Schneider | 2022-07-28 | 2 | -0/+49
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli:auth: Add test for extract_pwd_blob_from_buffer514() | Andreas Schneider | 2022-07-28 | 1 | -0/+17
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli:auth: Add extract_pwd_blob_from_buffer514() | Andreas Schneider | 2022-07-28 | 2 | -0/+48
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli:auth: Implement a common create_pw_buffer_from_blob() | Andreas Schneider | 2022-07-28 | 1 | -5/+38
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli:auth: Use extract_pw_from_buffer() in decode_pw_buffer() | Andreas Schneider | 2022-07-28 | 1 | -20/+16
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli:auth: Keep data of extract_pw_from_buffer() secret | Andreas Schneider | 2022-07-28 | 1 | -0/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli:auth: Add test for encode_pwd_buffer514_from_str() | Andreas Schneider | 2022-07-28 | 2 | -0/+137
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli:auth: Add encode_pw_buffer_from_str() | Andreas Schneider | 2022-07-28 | 2 | -0/+41
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli:auth: Implement a generic encode_pwd_buffer_from_str() | Andreas Schneider | 2022-07-28 | 1 | -18/+59
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli:auth: Remove trailing spaces from proto.h | Andreas Schneider | 2022-07-28 | 1 | -21/+21
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli: Modernize a few DEBUG statements | Volker Lendecke | 2022-07-25 | 1 | -22/+23
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* libcli/security: Fix typos | Joseph Sutton | 2022-06-14 | 2 | -2/+2
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli:util: Update werror table | Joseph Sutton | 2022-06-14 | 2 | -4/+17
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* spelling: connnect encrytion exisit expection explicit invalide missmatch paramater paramter partion privilige relase reponse seperate unkown verson authencication progagated | Michael Tokarev | 2022-06-10 | 1 | -2/+2
  Tree-wide spellcheck for some common misspellings.

  source3/utils/status.c has misspelled local variable (unkown_dialect).

  "missmatch" is a known historical misspelling, only the incorrect misspellings are fixed.

  source3/locale/net/de.po has the spelling error (unkown) in two msgids - it probably should be updated with current source.

  Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/util: Change function to mem_equal_const_time() | Joseph Sutton | 2022-06-09 | 6 | -21/+21
  Since memcmp_const_time() doesn't act as an exact replacement for memcmp(), and its return value is only ever compared with zero, simplify it and emphasize the intention of checking equality by returning a bool instead.

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/util: Change function to data_blob_equal_const_time() | Joseph Sutton | 2022-06-09 | 1 | -3/+3
  Since data_blob_cmp_const_time() doesn't act as an exact replacement for data_blob_cmp(), and its return value is only ever compared with zero, simplify it and emphasize the intention of checking equality by returning a bool instead.

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth: Use constant-time memcmp when comparing sensitive buffers | Joseph Sutton | 2022-06-09 | 5 | -16/+16
  This helps to avoid timing attacks.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15010
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli: Covscan: unchecked return value for file_save() | Pavel Filipenský | 2022-05-14 | 1 | -2/+2
  Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* libcli: Fix trailing whitespace in netlogon.c | Pavel Filipenský | 2022-05-14 | 1 | -2/+2
  Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* libcli/smb: allow SMB2 Negotiate responses with security_offset = 0 and security_length = 0 | Stefan Metzmacher | 2022-05-02 | 1 | -0/+15
  This fixes connections against the Azure SMB3 server.

  It's not possible to demonstrate the bug with a test and a knownfail entry, because it fails to even startup the test environments, but the following change to our server demonstrates the problem and shows the fix works:

  diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c index da567951c0bf..25fdaea2df7b 100644 --- a/source3/smbd/smb2_negprot.c +++ b/source3/smbd/smb2_negprot.c @@ -711,6 +711,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) } } + security_buffer = data_blob_null; + if (out_negotiate_context_blob.length != 0) { static const uint8_t zeros[8]; size_t pad = 0; @@ -759,6 +761,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY); } + security_offset = 0; + SSVAL(outbody.data, 0x00, 0x40 + 1); /* struct size */ SSVAL(outbody.data, 0x02, security_mode); /* security mode */

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Mon May 2 20:13:10 UTC 2022 on sn-devel-184
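Review bot: in the smb2_negprot.c change quoted in the commit message above, both added assignments (`security_buffer = data_blob_null;` in the first hunk and `security_offset = 0;` in the second) are unconditional and carry no comment, so with this applied every response built by smbd_smb2_request_process_negprot() goes out without a security buffer. If it is kept anywhere beyond a local reproduction, put it behind a test-only switch and add a one-line comment saying it emulates a server that returns security_offset = 0 and security_length = 0.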
* sddl: Remove SDDL SID strings unsupported by Windows | Joseph Sutton | 2022-03-17 | 1 | -3/+0
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* sddl: Add new SDDL SID strings | Joseph Sutton | 2022-03-17 | 1 | -0/+32
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* sddl: Fix incorrect SDDL SID strings | Joseph Sutton | 2022-03-17 | 1 | -3/+5
  Change the values to match those used by Windows.

  Verified with PowerShell commands of the form:

      New-Object Security.Principal.SecurityIdentifier ER

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3: libcli: Rename smb_key_derivation() -> smb1_key_derivation() | Jeremy Allison | 2022-03-08 | 3 | -3/+3
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_is_negotiated() -> smb1_signing_is_negotiated() | Jeremy Allison | 2022-03-08 | 2 | -2/+2
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_set_negotiated() -> smb1_signing_set_negotiated() | Jeremy Allison | 2022-03-08 | 3 | -3/+3
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_is_mandatory() -> smb1_signing_is_mandatory() | Jeremy Allison | 2022-03-08 | 2 | -2/+2
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_is_desired() -> smb1_signing_is_desired() | Jeremy Allison | 2022-03-08 | 2 | -2/+2
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Remove unused smb_signing_is_allowed() | Jeremy Allison | 2022-03-08 | 2 | -6/+0
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_is_active() -> smb1_signing_is_active() | Jeremy Allison | 2022-03-08 | 3 | -3/+3
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_activate() -> smb1_signing_activate() | Jeremy Allison | 2022-03-08 | 3 | -7/+7
  Fix the debugs that also used this name.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_check_pdu() -> smb1_signing_check_pdu() | Jeremy Allison | 2022-03-08 | 3 | -14/+12
  Fix the debugs that also used this name.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_sign_pdu() -> smb1_signing_sign_pdu() | Jeremy Allison | 2022-03-08 | 3 | -6/+6
  Fix the debugs that also used this name.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_cancel_reply() -> smb1_signing_cancel_reply() | Jeremy Allison | 2022-03-08 | 3 | -3/+3
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_next_seqnum() -> smb1_signing_next_seqnum() | Jeremy Allison | 2022-03-08 | 3 | -3/+3
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_md5() -> smb1_signing_md5() | Jeremy Allison | 2022-03-08 | 1 | -5/+5
  Fix the debug that also used this name.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_good() -> smb1_signing_good() | Jeremy Allison | 2022-03-08 | 1 | -5/+5
  Fix the debugs that also used this name.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_init() -> smb1_signing_init() | Jeremy Allison | 2022-03-08 | 3 | -3/+3
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename smb_signing_init_ex() -> smb1_signing_init_ex() | Jeremy Allison | 2022-03-08 | 2 | -3/+3
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: libcli: Rename static smb_signing_reset_info() -> smb1_signing_reset_info() | Jeremy Allison | 2022-03-08 | 1 | -3/+3
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* s3: Simple rename 'struct smb_signing_state' -> 'struct smb1_signing_state' | Jeremy Allison | 2022-03-08 | 3 | -37/+37
  This is only used by the SMB1 signing code, except for one bool for SMB2 which we will replace next.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: David Mulder <dmulder@samba.org>
* libcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt() ptext_len bug | Stefan Metzmacher | 2022-02-02 | 1 | -0/+15
  The initial implementation of gnutls_aead_cipher_decrypt() had a bug and used:

      *ptext_len = ctext_len;

  instead of:

      *ptext_len = ctext_len - tag_size;

  This got fixed with gnutls 3.5.2.

  As we only require gnutls 3.4.7 we need to cope with this...

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Feb 2 18:29:08 UTC 2022 on sn-devel-184
* libcli/smb: fix error checking in smb2_signing_decrypt_pdu() invalid ptext_len | Stefan Metzmacher | 2022-02-02 | 1 | -1/+8
  When the ptext_size != m_total check fails, we call this:

      status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
      goto out;

  As rc is 0 at that point we'll exit smb2_signing_decrypt_pdu() with NT_STATUS_OK, but without copying the decrypted data back into the caller's buffer. Which leads to strange errors in the caller.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3: smbd: Add the definition for SMB2_FIND_POSIX_INFORMATION info level. | Jeremy Allison | 2022-02-01 | 1 | -0/+3
  Will be used by smb2_query_directory. Not yet used or available.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli: Add SMB2 posix negotiate context flag. | Jeremy Allison | 2022-02-01 | 1 | -0/+1
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>